Last week, the reported 2015 data breach figures officially outstripped those of 2014. As of December 8, 2015 the ITRC reports 732 data breaches in the US, surpassing last year’s record for the same time period (726) and gaining on the 2014 year-end total of 761 data breaches. From the perspective of records breached, the 2015 figures long-ago outstripped those in 2014, with a total of 176,325,059 records exposed this year (compared to 83,176,279 in all of 2014).
Let’s put these figures in perspective, as it’s hard to grasp such large figures. When last year we may have been blown away by the exposure of over 83 million records, this year there are more than double that. 176 million records; that’s more than the population in Bangladesh, the 8th most populous countries in the world. It’s more than half of the population in the United States.
While ‘hacking’ accounts for the most data breaches listed, this can give an unclear view of how to protect data. Terms like ‘hacking’ and ‘malicious outsiders’ implies a brute force attack against a network, while the reality is much more complex. For example, a phishing attack or a lost device may expose a password, which is used to gain access to the network. Many reports now have indicated that people are at the core of most security incidents, either intentionally or unknowingly putting data at risk.
There is no single solution that can protect data. Instead, the best security posture is one that integrates security into the corporate culture from the top-down, prioritizing education and security policies with layers of technology that complement each other and provide redundancy in case one layer is breached. Technologies should be in place that will automatically alert IT of risk incidents, whether it be email filtering, password enforcement or alerts to irregularities in software, hardware or user behaviour, as we provide with Absolute DDS. Even the most well-prepared and well-trained organizations may still suffer from mistakes that lead to a data breach, so having steps in place to remediate compromised systems and minimize damages is also key. Learn more about how our team can assist you with your risk response and investigations here.